moritz
/
dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

refactor: rename deprecated option

nixos
Moritz Böhme 2023-05-07 12:04:17 +02:00
parent e8fde71f2c
commit 49f7cde4cd
Signed by: moritz
GPG Key ID: 970C6E89EB0547A9
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/security/default.nix
View File

@ -3,9 +3,6 @@
, ... , ...
}: { }: {
## System security tweaks ## System security tweaks
# sets hidepid=2 on /proc (make process info visible only to owning user)
# NOTE Was removed on nixpkgs-unstable because it doesn't do anything
# security.hideProcessInformation = true;
# Prevent replacing the running kernel w/o reboot # Prevent replacing the running kernel w/o reboot
security.protectKernelImage = lib.mkDefault true; security.protectKernelImage = lib.mkDefault true;
@ -14,7 +11,7 @@
boot.tmp.useTmpfs = lib.mkDefault true; boot.tmp.useTmpfs = lib.mkDefault true;
# If not using tmpfs, which is naturally purged on reboot, we must clean it # If not using tmpfs, which is naturally purged on reboot, we must clean it
# /tmp ourselves. /tmp should be volatile storage! # /tmp ourselves. /tmp should be volatile storage!
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmpOnTmpfs); boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
# Fix a security hole in place for backwards compatibility. See desc in # Fix a security hole in place for backwards compatibility. See desc in
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix # nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix